这可能是由于堆的损坏,这表明testcrypto.exe或它加载的任何DLL中的错误

时间:2011-02-17 21:36:32

标签: c++

#pragma once
#include <string>
#include <vector>
#include <stdint.h>

class PasswordCrypt
{
public:
    PasswordCrypt(std::vector<uint8_t> buffer);
    ~PasswordCrypt(void);
    void PassCrypto(std::vector<uint8_t> buffer);
    const std::vector<uint8_t>& Encrypt(const std::vector<uint8_t>& buffer);
    const std::vector<uint8_t>& Decrypt(std::vector<uint8_t>& buffer);
private:
    uint8_t* key;
};

--------------------------------------------------------------------------------------
#include "PasswordCrypt.h"

PasswordCrypt::PasswordCrypt(std::vector<uint8_t> buffer)
{
    this->key = new uint8_t[200];
    int sum = 0;
    for (int i = 0 ; i< buffer.size() ;i++)
        sum += buffer[i];
    srand(sum);
    uint8_t hash[0x10];
    for (int i = 0; i < 0x10; i++)
    hash[i] =(uint8_t)rand();
    for (int i = 1; i < 0x100; i++)
        {
            key[i * 2] = (uint8_t)i;
            key[(i * 2) + 1] = (uint8_t)(i ^ hash[i & 0x0F]);
        }
    for (int i = 1; i < 0x100; i++)
    for (int j = 1 + i; j < 0x100; j++)
        if (key[(i * 2) + 1] < key[(j * 2) + 1])
        {
            key[i * 2] ^= key[j * 2];
            key[j * 2] ^= key[i * 2];
            key[i * 2] ^= key[j * 2];
            key[(i * 2) + 1] ^= key[(j * 2) + 1];
            key[(j * 2) + 1] ^= key[(i * 2) + 1];
            key[(i * 2) + 1] ^= key[(j * 2) + 1];
        }
}



PasswordCrypt::~PasswordCrypt(void)
{
    delete[] this->key;
}

const uint8_t scanCodeToVirtualKeyMap[] = 
{
    0x00, 0x1B, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0xBD, 0xBB, 0x08, 0x09,
    0x51, 0x57, 0x45, 0x52, 0x54, 0x59, 0x55, 0x49, 0x4F, 0x50, 0xDB, 0xDD, 0x0D, 0x11, 0x41, 0x53, 
    0x44, 0x46, 0x47, 0x48, 0x4A, 0x4B, 0x4C, 0xBA, 0xC0, 0xDF, 0x10, 0xDE, 0x5A, 0x58, 0x43, 0x56, 
    0x42, 0x4E, 0x4D, 0xBC, 0xBE, 0xBF, 0x10, 0x6A, 0x12, 0x20, 0x14, 0x70, 0x71, 0x72, 0x73, 0x74, 
    0x75, 0x76, 0x77, 0x78, 0x79, 0x90, 0x91, 0x24, 0x26, 0x21, 0x6D, 0x25, 0x0C, 0x27, 0x6B, 0x23, 
    0x28, 0x22, 0x2D, 0x2E, 0x2C, 0x00, 0xDC, 0x7A, 0x7B, 0x0C, 0xEE, 0xF1, 0xEA, 0xF9, 0xF5, 0xF3, 
    0x00, 0x00, 0xFB, 0x2F, 0x7C, 0x7D, 0x7E, 0x7F, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0xED, 
    0x00, 0xE9, 0x00, 0xC1, 0x00, 0x00, 0x87, 0x00, 0x00, 0x00, 0x00, 0xEB, 0x09, 0x00, 0xC2, 0x00,

};

const uint8_t virtualKeyToScanCodeMap[] =
{
    0x00, 0x00, 0x00, 0x46, 0x00, 0x00, 0x00, 0x00, 0x0E, 0x0F, 0x00, 0x00, 0x4C, 0x1C, 0x00, 0x00, 
    0x2A, 0x1D, 0x38, 0x00, 0x3A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 
    0x39, 0x49, 0x51, 0x4F, 0x47, 0x4B, 0x48, 0x4D, 0x50, 0x00, 0x00, 0x00, 0x54, 0x52, 0x53, 0x63, 
    0x0B, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x1E, 0x30, 0x2E, 0x20, 0x12, 0x21, 0x22, 0x23, 0x17, 0x24, 0x25, 0x26, 0x32, 0x31, 0x18, 
    0x19, 0x10, 0x13, 0x1F, 0x14, 0x16, 0x2F, 0x11, 0x2D, 0x15, 0x2C, 0x5B, 0x5C, 0x5D, 0x00, 0x5F, 
    0x52, 0x4F, 0x50, 0x51, 0x4B, 0x4C, 0x4D, 0x47, 0x48, 0x49, 0x37, 0x4E, 0x00, 0x4A, 0x53, 0x35, 
    0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x57, 0x58, 0x64, 0x65, 0x66, 0x67, 
    0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x76, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x45, 0x46, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x2A, 0x36, 0x1D, 0x1D, 0x38, 0x38, 0x6A, 0x69, 0x67, 0x68, 0x65, 0x66, 0x32, 0x20, 0x2E, 0x30, 
    0x19, 0x10, 0x24, 0x22, 0x6C, 0x6D, 0x6B, 0x21, 0x00, 0x00, 0x27, 0x0D, 0x33, 0x0C, 0x34, 0x35, 
    0x28, 0x73, 0x7E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1A, 0x56, 0x1B, 0x2B, 0x29, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x71, 0x5C, 0x7B, 0x00, 0x6F, 0x5A, 0x00, 
    0x00, 0x5B, 0x00, 0x5F, 0x00, 0x5E, 0x00, 0x00, 0x00, 0x5D, 0x00, 0x62, 0x00, 0x00, 0x00, 0x00

};



const std::vector<uint8_t>& PasswordCrypt::Encrypt(const std::vector<uint8_t>& buffer)
{
    std::vector<uint8_t> result(buffer.size());
    for (int i = 0; i < buffer.size(); i++)
    {
        bool upper = false;
        if (buffer[i] == 0) break;
        else
        {
            uint8_t b =this->key[buffer[i] * 2];
            if (b > 0x80) 
            {
                b = (uint8_t)(this->key[buffer[i] * 2] - 0x80);
                upper = true;
            }
            result[i] += scanCodeToVirtualKeyMap[b];
        }
        if (!upper && result[i] >= 'A' && result[i] <= 'Z') result[i] += 'a' - 'A';
    }

    return result;
}

const std::vector<uint8_t>& PasswordCrypt::Decrypt(std::vector<uint8_t>& buffer)
{
    std::vector<uint8_t> result(buffer.size(), 0);
    for (int j = 0; j < buffer.size(); j++)
    {
        uint8_t c = buffer[j];
        if (buffer[j] >= 'a' && buffer[j] <= 'z')
            buffer[j] -= 'a' - 'A';
        uint8_t d = virtualKeyToScanCodeMap[buffer[j]];
        if (c >= 'A' && c <= 'Z')
            d += 0x80;
        for (uint8_t i = 0; i <= 255; i++)
        {
            uint8_t b = (uint8_t)this->key[i * 2];
            if (b == d)
            {
                result[j] = i;
                break;
            }
        }
    }
    return result;
}
---------------------------------------------------------------------------------------

#include <iostream>
#include <Windows.h>
#include <string>
#include <stdint.h>
#include "PasswordCrypt.h"
#include <iomanip>

using namespace std;


void output_hex(std::ostream& out, std::vector<uint8_t>& data) {
    for (std::vector<uint8_t>::iterator i=data.begin();i<data.end();i++)
        out << std::hex
            << std::setw(2)
            << std::setfill('0')
            << static_cast<int>(data[*i])
            << " ";
    out << endl;
}

int main()
{
    std::string test="Hellow World!";
    std::vector<uint8_t> buf(test.begin(), test.end());
    PasswordCrypt dec(buf);
    //output_hex(cout, buf);
    std::vector<uint8_t> enced = dec.Encrypt(buf);
    //output_hex(cout, enced);
    std::vector<uint8_t> deced = dec.Decrypt(enced);
    //output_hex(cout, deced);
    system("pause");
    return 0;
}

错误:

  

Windows触发了一个断点   testcrypto.exe。

     

这可能是由于腐败造成的   堆,表示中的错误   testcrypto.exe或它的任何DLL   装了。

     

这也可能是由于用户造成的   在testcrypto.exe中按F12   对焦。

2 个答案:

答案 0 :(得分:4)

您有经典的缓冲区溢出。在这里为key分配200个字节:

this->key = new uint8_t[200];

然而,这里:

for (int i = 1; i < 0x100; i++)
    {
        key[i * 2] = (uint8_t)i;

您(尝试)通过k[2]写信至key[2 * 0x100]。 2 * 0x100是0x200,十进制为512。看来,在分配缓冲区的地方,你应该真正分配0x200个元素。

其他一些代码似乎试图访问key[0x200] - 为了使其工作,你需要/需要分配0x201元素(0x200元素将从key [0]到key [0x1ff运行]包容性)。

编辑:做一点看,它变得更糟。也许把这三条线放在一起会使下一个问题变得更加明显:

const std::vector<uint8_t>& PasswordCrypt::Encrypt(const std::vector<uint8_t>& buffer)
{
    std::vector<uint8_t> result(buffer.size());

[ ...]

    return result;

您正在返回对局部变量的引用,因此调用者会收到一个悬空引用。

答案 1 :(得分:2)

j < 0x100;

0x100 与100相同。它是256.而你的key数组只有200个元素。

然后你开始尝试访问{{1>},这是 way 在数组末尾,践踏所有随机内存位。那是你的问题。

你的另一个问题是使用xor-swapping而不是更具可读性 - 虽然你可能认为这是一个“巧妙的技巧”,但事实并非如此。它使事情变得不那么清晰,并且没有提供任何有意义的性能优势。